Nessus or Metasploit: Security Assessment of Openstack Cloud

Donevski, A. and Ristov, Sashko and Gušev, Marjan (2013) Nessus or Metasploit: Security Assessment of Openstack Cloud. In: Proceedings of the Tenth Conference on Informatics and Information Technology. Faculty of Computer Science and Engineering, Ss. Cyril and Methodius University in Skopje, Macedonia, Skopje, Macedonia, pp. 269-273. ISBN 978-608-4699-01-9

[img]
Preview
Text
978-608-4699-01-9_pp269-273.pdf

Download (251kB) | Preview
Official URL: http://ciit.finki.ukim.mk

Abstract

Cloud computing raises new security challenges compared to traditional on-premise due to its multi-tenant virtual environment on each cloud service layer: Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) or Software-as-a-Service (SaaS). Although the tenants are isolated, they share the hardware resources, virtual machines, the same database or even the same table. Cloud service providers must assess their tenants and many tools exist for this purpose. In this paper we deploy OpenStack open source cloud and assess cloud services and virtual machines within the cloud using the two most common security vulnerability scanners, i.e. Nessus and Metasploit. We instantiate three virtual machines with different operating systems: Windows, Fedora, and Ubuntu, to determine their vulnerabilities by the co-tenants.

Item Type: Book Section
Uncontrolled Keywords: Cloud Computing, Open source, Vulnerabilities, Multi-tenancy.
Subjects: International Conference on Informatics and Information Technologies > Distributed Systems
International Conference on Informatics and Information Technologies > GRID Computing
International Conference on Informatics and Information Technologies > Cloud Computing
Depositing User: Vangel Ajanovski
Date Deposited: 28 Oct 2016 00:15
Last Modified: 28 Oct 2016 00:15
URI: http://eprints.finki.ukim.mk/id/eprint/11007

Actions (login required)

View Item View Item